I heard my first speech from Cory Doctorow at the Gartner IAM Summit this morning. He gave an interesting overview of the history of digital copyright law and attempts to enforce limited access by schemes such as Digital Rights Management and encrypted data streams. He expanded beyond this basic overview to discuss how current laws make it illegal to reveal hidden flaws in software and devices. Some points I found particularly thought-provoking include:

The 1998 Digital Millennium Copyright Act which criminalized breaking Digital Rights Management methods, wasn’t very effective, because people who were willing to break existing laws to steal content didn’t mind breaking another law.

Current copyright laws designed to make it illegal to know how DRM or encrypted streaming video devices work (e.g. Netflix player devices) also make it illegal to reveal flaws in our computers.

These laws may stop honest people, but support bad guys’ efforts to discover and weaponize vulnerabilities.

The NSA and its British equivalent spent billions of dollars per year to find vulnerabilities in devices, but don’t reveal what they have found.

Back doors to systems (such as government-requested back doors to encryption algorithms) have no allegiance. We must assume that such back doors will be used for evil as well as good purposes.

Be suspicious of any software you cannot audit or inspect. How else can you know what lurks therein?

Remember – the capacity for human self-deception is bottomless. Will technology set us free or enslave us?